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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
eamed patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^ Responsive to communication(s) filed on 14 September 2009 . 
2a )^ This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Clalm(s) 24-41 and 43-46 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) 0 Claim(s) is/are allowed. 

6) |EI Claim(s) 24-41 and 43-46 is/are rejected. 
/)□ Claim(s) is/are objected to. 

8) 0 Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 14 September 2009 is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) 0 The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1 ) □ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 

'TOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20091 21 6 



Application/Control Number: 1 0/5 84,864 Page 2 

Art Unit: 2431 

DETAILED ACTION 

1 . Claims 24-41 and 43-46 have been examined. 

Drawings 

2. New corrected drawings in compliance with 37 CFR 1 . 1 2 1 (d) are required in this 
application because figures 1, 3 and 5 do not contain written description to the steps involved. 
Applicant is advised to employ the services of a competent patent draftsperson outside the 
Office, as the U.S. Patent and Trademark Office no longer prepares new drawings. The corrected 
drawings are required in reply to the Office action to avoid abandonment of the application. The 
requirement for corrected drawings will not be held in abeyance. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 1 12: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly cormected, to make and use the same and shall set forth the best mode 

contemplated by the inventor of carrying out his invention. 

4. Claims 24-41 and 43-46 are rejected under 35 U.S.C. 1 12, first paragraph, as failing to 
comply with the enablement requirement. The claim(s) contains subject matter which was not 
described in the specification in such a way as to enable one skilled in the art to which it pertains, 
or with which it is most nearly connected, to make and/or use the invention. The Specification 
discloses that protected data resources are stored in remote database. However, the Specification 
does not clearly describe storing protected data resources that are encrypted along with data 
resources when storing both resources potentially breaches the security of the data resources the 



Application/Control Number: 1 0/5 84,864 Page 3 

Art Unit: 2431 

encryption is aimed to achieve. Therefore, the examiner examines the claims by interpreting that 
only protected data resources that are in encrypted form are stored in remote database. Applicant 
is welcome to contact examiner to clarify inventive concept to expedite prosecution. 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the iii\ eiitioii is not iclentieall\ cliseloscd or described as set forth in 
section 102 of this title, il' the tlilleienees between the siibjeet matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 24-41 and 43-46 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ben-Chuan et al. U.S. Pat. No. 7177425 (hereinafter Ben) in view of Campbell U.S. Pub. No. 
20040204124 (hereinafter Campbell). 

7. As per claim 24, Ben discloses a method for the cipher controlled exploitation of data 
resources stored in a database associated with a computer system, comprising the steps of: 
providing a subscriber identity module carrying at least one security algorithm (Ben: column 3 
lines 28-3 1 : the cipher key generating module is SIM); producing a cipher key via said at least 
one security algorithm (Ben: column 3 lines 28-31); and using said cipher key for protecting said 
data resource (Ben: column 2 lines 30-35). Ben does not explicitly disclose a remote storing 
location accessible by said user via a communications network. However, Campbell discloses a 
remote server database that allows users of portable or wireless devices to store personal 
information/file in the database over a network (Campbell: [0004]). It would have been obvious 
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to one having ordinary skill in the art to allow users to encrypt user's private/personal 
information and store in a wireless device and upload the desired encrypted files to remote server 
database for storage because both devices are capable of performing communication over 
network. Therefore, it would have been obvious to one having ordinary skill in the art at the time 
of applicant's invention to combine the teachings of Campbell within the system of Ben because 
it provides greater amount of memory space through remote server database. 

8. As per claim 25, Ben discloses the method according to claim 24. Ben fiirther discloses 
wherein said step of using said cipher key for protecting said data resources comprises the steps 
of encrypting said data resources by means of said cipher key (Ben: column 2 lines 30-35); 
storing encrypted data resources in storage and retrieve encrypted resources fi-om storage for 
decryption (Ben: column 5 lines 26-38). 

Ben does not explicitly disclose a remote storing location accessible by said user via a 
communications network. However, Campbell discloses a remote server database that allows 
users of portable or wireless devices to store personal information/file in the database over a 
network (Campbell: [0004]). It would have been obvious to one having ordinary skill in the art to 
allow users to encrypt user's private/personal information and store in a wireless device and 
upload the desired encrypted files to remote server database for storage because both devices are 
capable of performing communication over network. Therefore, it would have been obvious to 
one having ordinary skill in the art at the time of applicant's invention to combine the teachings 
of Campbell within the system of Ben because it provides greater amount of memory space 
through remote server database. 
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9. As per claim 26, Ben discloses the method according to claim 24. Ben further discloses 
wherein said step of producing a cipher key comprises the steps of: generating at least one 
random value; subjecting said at least one random value to said at least one security algorithm to 

generate at least one session key; and processing said at least one session key via a mixer 
function to produce said at least one cipher key (Ben: column 2 lines 1-2: providing cipher key; 
column 5 lines 4-15 : generating cipher key based on random values). 

10. As per claim 27, Ben discloses the method according to claim 26. Ben further discloses 
the steps of generating at least two random values; subjecting said at least two random values to 
said at least one security algorithm to generate at least two session keys; and combining said at 
least two session keys via a mixer function to produce said at least one cipher key (Ben: column 
5 lines 4-15). 

11. As per claim 28, Ben discloses the method according to claim 26. Ben further discloses 
wherein said mixer fimction comprises a hash fimction (Ben: column 5 lines 21-25). 

12. As per claim 29, Ben discloses the method according to claim 26. Ben further discloses 
the step of inserting in said mixer function a user specific secret unrelated to said subscriber 
identity module security algorithm, whereby said cipher key is unpredictable even based on 
knowledge of said security algorithm carried in said subscriber identity module (Ben: column 3 
lines 28-37). 
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13. As per claim 30, Ben discloses the method according to claim 24. Ben further discloses 
the step of selecting said data resources from user sensitive data or user credentials (Ben: column 
4 lines 21-28). 

14. As per claim 3 1 , Ben discloses the method according to claim 30. Ben further discloses 
wherein said step of using said cipher key for protecting said data resources comprises the step of 
encrypting by means of said cipher key, said user sensitive data or said user credentials from 
plain text into an encrypted format (Ben: column 2 lines 29-35). 

15. As per claim 32, Ben discloses the method according to claim 3 1 . Ben fiirther discloses 
wherein said step of using said cipher key for protecting said data resources comprises the step of 
decrypting by means of said cipher key said user sensitive data or said user credentials from an 
encrjqjted format into plain text (Ben: coliimn 6 lines 21-24). 

16. As per claim 33, Ben discloses the method according to claim 3 1 . Ben fiirther discloses 
wherein said user sensitive data or said user credentials in encrypted format have a cryptographic 
header associated therewith (Ben: colvimn 5 lines 26-38). 

17. As per claim 34, Ben discloses the method according to claim 33. Ben fiirther discloses 
wherein said cryptographic header comprises an identifier of said subscriber identity module and 
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a cryptographic checksum based on said cipher key, said cryptographic checksum being used for 
detecting any unauthorized modifications of said encrypted format (Ben: column 5 lines 21-25). 

18. As per claim 35, Ben discloses the method according to claim 30. Ben does not explicitly 
disclose wherein said data resources are user credentials, said database associated with said 
computer system is a remote database and said data resources based on said user credentials are 
stored in said remote database in an encrypted format. However, Campbell discloses a remote 
server database that allows users of portable or wireless devices to store personal information/file 
in the database over a network (Campbell: [0004]). It would have been obvious to one having 
ordinary skill in the art to allow users to encrypt user's private/personal information and store in 
a wireless device and upload the desired encrypted files to remote server database for storage 
because both devices are capable of performing contmiunication over network. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time of applicant's 
invention to combine the teachings of Campbell within the system of Ben because it provides 
greater amount of memory space through remote server database. 

19. As per claim 36, Ben as modified discloses the method according to claim 35. Ben as 
modified further discloses the step of establishing a relationship between said user credentials 
stored in said encrypted format in said remote database and a corresponding user subscriber 
identity module (Campbell: [0004]). 
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20. As per claim 37, Ben as modified discloses the method according to claim 36. Ben as 
modified fiirther discloses wherein said relationship is established by means of an identifier of 
said subscriber identity module (Campbell: [0004]). 

21 . As per claim 38, Ben as modified discloses the method according to claim 37. Ben as 
modified further discloses the step of using said identifier for searching within said remote 
database to permit said user exploitation of said user credentials (Campbell: [0004]). 

22. As per claim 39-46, claims 39-46 encompass the same scope as claims 24-38. Therefore, 
claims 39-46 are rejected based on the same reason set forth above in rejecting claims 39-46. 

Response to Arguments 

23. Applicant's arguments filed 9/14/09 have been fiilly considered but they are not 
persuasive. 

Regarding applicant's remarks, applicant mainly argues that the prior art of record does 
not explicitly disclose storing protected data resources in said remote database in encrypted 
format along with said data resources. However, the examiner has rejected the claims based on 
35 U.S.C. 1 12 because storing data resources in encrypted form along with data resources in 
plain form in remote database does not protect data from unauthorized access. Based on 
Specification, data resources are encrj^ted and stored in remote database as protected data 
resources. Therefore, applicant's argument is not persuasive in hght of above explanation. 
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Conclusion 

24. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS fi-om the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SHIN-HON CHEN whose telephone number is (571)272-3789. 
The examiner can normally be reached on Monday through Friday 8:30am to 5:30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, William R. Korzuch can be reached on (571) 272-7589. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Shin-Hon Chen 
Primary Examiner 
Art Unit 2431 

/Shin-Hon Chen/ 

Primary Examiner, Art Unit 243 1 



